[sudo-users] RunAs support sudoers2ldif

Aaron Spangler aaron777 at gmail.com
Thu Jan 6 22:17:10 EST 2005


Kenneth,

Looks perfect!

You could even add the 'description' attribute to describe the role in
human terms so that you remember why you created it later.

Sorry I took so long to reply.

- Aaron



On Tue, 4 Jan 2005 13:01:53 +0100,
kenneth.gullberg at foreningssparbanken.se
<kenneth.gullberg at foreningssparbanken.se> wrote:
> Hi,
> 
> I'm setting up a test environment with the sudoers in ldap.
> 
> I want to use RunAs aliases which is currently bug reported in
> sudoers2ldif:
> 
> # BUGS:
> #   Does not yet handle multiple lines with : in them
> #   Does not yet handle runas (xxx) syntax.
> #   Does not yet remove quotation marks from options
> #   Does not yet escape + at the beginning of a dn
> #   Does not yet handle line wraps correctly
> #   Does not yet handle multiple roles with same name (needs tiebreaker)
> 
> Of course I want to use RunAs (xxx) syntax.
> 
> The format of my sudoers today is:
> 
> ----------
> User_Alias APP1_DEV=devuser1,devuser2
> 
> Host_Alias APP1_TEST=app1test1,app1test2
> 
> Runas_Alias APP1_RUN=app1testuser
> 
> Cmnd_Alias APP1_CMD=/bin/ls
> 
> Cmnd_Alias SHELLS=!/bin/sh (etc etc etc etc... )
> 
> APP1    APP1_TEST=(APP1_RUN) PASSWD: APP1_CMD,!SHELLS
> -----------
> 
> Can anyone confirm that this entry is the correct one with runas
> support?
> 
> dn: cn=APP1,ou=sudoers,dc=test,dc=example,dc=com
> objectClass: top
> objectClass: sudoRole
> cn: APP1
> sudoUser: devuser1
> sudoUser: devuser2
> sudoHost: app1test1
> sudoHost: app1test2
> sudoRunAs: app1testuser
> sudoCommand: /bin/ls
> sudoCommand: !/bin/sh
> sudoOption: authenticate
> 
> Best Regards
> Kenneth Gullberg
> 
>
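
The hand conversion discussed in this thread, as an added example that is not part of either message and is not sudoers2ldif code: a small Python converter that expands the aliases and maps the `(xxx)` runas list to `sudoRunAs`. It assumes single-line user specs with one optional runas list and an optional PASSWD/NOPASSWD tag; the function names are hypothetical, the sample is constructed, and the role `cn` is taken from the user field as written.

```python
import re
# Constructed sample modelled on the thread's sudoers; the user spec names the defined APP1_DEV alias.
SAMPLE = """\
User_Alias APP1_DEV=devuser1,devuser2
Host_Alias APP1_TEST=app1test1,app1test2
Runas_Alias APP1_RUN=app1testuser
Cmnd_Alias APP1_CMD=/bin/ls
Cmnd_Alias SHELLS=/bin/sh,/bin/bash
APP1_DEV APP1_TEST=(APP1_RUN) PASSWD: APP1_CMD,!SHELLS
"""

# Simplification: one namespace for all alias types; no line wraps or ':' lists.
ALIAS = re.compile(r"^(User|Host|Runas|Cmnd)_Alias\s+(\w+)\s*=\s*(.+)$")
SPEC = re.compile(r"^(\S+)\s+([^\s=]+)\s*=\s*(?:\(([^)]*)\)\s*)?(?:(NOPASSWD|PASSWD):\s*)?(.+)$")

def negate(member):
    return member[1:] if member.startswith("!") else "!" + member

def expand(items, aliases):
    """Expand alias names recursively; '!ALIAS' negates every member of the alias."""
    out = []
    for item in (i.strip() for i in items.split(",")):
        neg, name = item.startswith("!"), item.lstrip("!")
        members = expand(aliases[name], aliases) if name in aliases else [name]
        out += [negate(m) if neg else m for m in members]
    return out

def sudoers_to_ldif(text, base_dn):
    aliases, entries = {}, []
    for line in (l.strip() for l in text.splitlines()):
        if not line or line.startswith("#"):
            continue
        m = ALIAS.match(line)
        if m:
            aliases[m.group(2)] = m.group(3)
            continue
        m = SPEC.match(line)
        if not m:
            raise ValueError("unsupported sudoers line: " + line)
        users, hosts, runas, tag, cmnds = m.groups()
        attrs = [("dn", "cn=%s,%s" % (users, base_dn)), ("objectClass", "top"), ("objectClass", "sudoRole"), ("cn", users)]
        attrs += [("sudoUser", u) for u in expand(users, aliases)]
        attrs += [("sudoHost", h) for h in expand(hosts, aliases)]
        attrs += [("sudoRunAs", r) for r in expand(runas or "", aliases) if r]  # omitted when no (xxx)
        attrs += [("sudoCommand", c) for c in expand(cmnds, aliases)]
        if tag:
            attrs.append(("sudoOption", "authenticate" if tag == "PASSWD" else "!authenticate"))
        entries.append("\n".join("%s: %s" % a for a in attrs))
    return "\n\n".join(entries) + "\n"
```

Calling `sudoers_to_ldif(SAMPLE, "ou=sudoers,dc=test,dc=example,dc=com")` yields an entry with the same attribute layout as the one posted in the quoted message.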


